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In this report, we investigate the multi-valued Byzantine consensus problem described as follows: 
There are n processors, namely P\, P n , of which at most t processors may be faulty and deviate 
from the algorithm in arbitrary fashion. Denote the set of all fault-free processors as P g0 od- Each 
processor Pj is given an L-bit input value V{, and they want to agree on a value v' such that the 
following properties are satisfied: 

• Termination: every fault-free Pi eventually decides on an output value v^, 

• Consistency: the output values of all fault-free processors are equal, i.e., for every fault-free 
processor p, v[ = v' for some v', 

• Validity: if every fault-free Pi holds the same input Vi = v for some v, then v' = v. 

Algorithms that satisfy the above properties in all executions are said to be error-free. 

The discussion in this report is not self-contained, and relies heavily on the material in [2] and 
PQ - please refer to these papers for necessary background. 

1 A More Efficient Consensus Algorithm 

In our recent paper [2] we introduced an algorithm that solves this problem error-free with com- 
munication complexity approximately n L, for large enough L. In this report, we are going to 
present a more efficient algorithm. The consensus algorithm in this report achieves communication 
complexity 



for t < n/3 and sufficiently large L. 

Our algorithm achieves consensus on a long value of L bits deterministically. Similar to the 
algorithm in [2], the proposed algorithm progresses in generations. Each processor Pi is given an 
input value Vi of L bits, which is divided into L/D parts of size D bits each. These parts are 
denoted as Vi(l),Vi(2), ■ ■ ■ ,Vi(L/D). For the g-th generation (1 < g < L/D), each processor Pi 
uses Vi{g) as its input in Algorithm [TJ Each generation of the algorithm results in processor Pi 
deciding on g-th part (namely, v'^g)) of its final decision value v[. 

The value Vi(g) is represented by a vector of n — t symbols, each symbol represented with 
D/{n — t) bits. For convenience of presentation, we assume that D/(n — t) is an integer. We will 
refer to these n — t symbols as the data symbols. 

An (n, n — t) distance-(i + 1) Reed-Solomon code, denoted as C n _t, is used to encode the n — t 
data symbols into n coded symbols. We assume that D/(n — t) is large enough to allow the above 
Reed-Solomon code to exist, specifically, n < 2 D ^ n ~^ — 1. This condition is met only if L is large 
enough (since L > D). 

In each generation g, a set of at least n — t processors that appear to have identical inputs up to 
generation g — 1 is maintained. More formally, our algorithm maintain a set P ma tch of size at least 
n — t such that for every P L ,Pj G Pmatch-, Vi{h) = Vj(h) appears to be true for all h < g. Pmatch 
is updated in every generation. Notice that, in 8, particular generation, if Pmatch 

does not exist, 

i.e., there are at least t + 1 processors that appear to have input values different from the other 
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Algorithm 1 Multi- Valued Consensus (generation g) 

1. Matching Stage: 

In the following steps, for every processor Pj: Ri[k] «— Sj[k] whenever Pj receives Sj[k] from 
its trusted processor Pj. 

Each processor Pi G P ma tch performs steps 1(a) and 1(b) as follows: 

(a) Compute (5j[l],... , Si[n]) = C n -t(vi(g)), and send Si[i] to every trusted processor Pj. 
(including those not in P ma tch, and Pi itself.). 

(b) VP,- that trusts Pf. 

If Pi = min{Z|P; G Pmatch and Pj trusts Pi}, then Pi sends Si[k] to Pj for each k such 
that Pj does not trust P& G Pmatch- 

Each processor Pj £ Pmatch performs step 1(c) as follows: 

(c) Using the first n — t symbols it has received in steps 1(a) and 1(b), Pj computes Sj[j] 
according to C n -t, then sends Sj[j] to all trusted processors (Including Pj itself.). 

2. Checking Stage: 

Each processor Pi (in P ma tch or not) performs Checking Stage as follows: 

(a) If Ri G C n -t then Detectedi ^— false ; else Detectedi <— true . 

(b) If Pi G P m atch and Ri / Si then Detectedi «— true . 

(c) Broadcast Detectedi using Broadcast-Single-Bit . 

(d) Receive Detected j from each processor Pj (broadcast in step 2(c)). 

If Detectedj = false for all Pj, decide on v'i(g) = C~\(Ri); else enter Diagnosis Stage. 

3. Diagnosis Stage: 

Each processor Pi (in P m atch or not) performs Diagnosis Stage as follows: 

(a) Broadcast Si and Ri using Broadcast-Single-Bit . 

(b) S 1 * <— Sj and P* <— Rj received from Pj as a result of broadcast in step 3(a). 
Using the broadcast information, all processors perform the following steps identically: 

(c) For each edge (i,j) in Diag-Graph : Remove edge (i,j) if 3k, such that Pj receives Si[k] 
from Pi in Matching stage and Rf[k] ^ Sf[k] 

(d) For each Pi G Pmatch- If Sf G" C n -t, then Pi must be faulty. So remove i and the 
adjacent edges from Diag_Graph . 

(e) For each Pj £ Pmatch- If Sj\j] 1S n °t consistent with the subset of n — t symbols of RJ , 
from which Sf[j] is computed, Pj must be faulty. So remove j and the adjacent edges 
from Diag -Graph . 

(f) If at least t + 1 edges at any vertex i have been removed, then Pi must be faulty. So 
remove i and the adjacent edges. 

(g) Find the maximum set of processors P new C Pmatch such that Sf = 5* for every pair 
of Pi, Pj G Pnew In case of a tie, pick any one. 

(h) If |P neU )| < n — t, terminate the algorithm and decide on the default output. 
Else, decide on v'i(g) = C~i t (Sf) for any Pj G P new , and update P ma tch = Pnew- 
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processors, it can be guarantee that the fault-free nodes do not have identical inputs. Then our 
algorithm will terminate and all fault-free nodes will decide on a default output. 

Initially (generation 1), P ma tch is the set of all n processors. The operations in each generation 
g are presented in Algorithm [TJ 

1.1 Proof of Correctness 

In this section, we prove the correctness of Algorithm [TJ In the proofs of the following lemmas, we 
assume that the fault-free processors always trust each other [2]. 

Lemma 1 If Detected j =false for all Pj in Line 2(d), all fault-free processors Pi £ P g0 od decide 
on the identical output value v'(g) such that v'(g) = Vj(g) for all Pj £ P goo d H Pmatch- 

Proof: According to the algorithm, every fault-free processor Pi £ P g0 od has sent Si[i] (computed 
from Vi(g) directly if Pi £ Pmatch, or computed using symbols received in Lines 1(a) and 1(b) if 
Pi £ Pmatch) to all the other fault-free processors. As a result, Ri\P goo d = Rj\P g ood is true for 
every pair of fault-free processors Pi,Pj £ P g ood- Since |P g0 od| > n — t and C n _t is a distance- 
(t + 1) code, it follows that either all fault-free processors P goo d decide on the same output, or 
at least one fault-free processor Pi £ P goo d sets Detectedi ^— true in Line 2(a). In the case all 
Detected j =false , all fault-free processors decide on an identical v'(g). Moreover, according to 
Line 2(b), every fault-free processor Pj £ P goo d H Pmatch finds Rj = Sj. It then follows that 
v'(g) = C-i t (R j ) = C-i t (Sj)=v j (g). 

□ 

Lemma 2 If a P new such that \P new \ > n — t is found in Line 3(g), all fault-free processors 
Pi £ P g ood decide on the identical output value v'(g) such that v'(g) = Vj(g) for all Pj £ P goo d^Pnew- 

Proof: Since |P n e«i| >n — t and since at most t processors are faulty, there must be at least n — 2t 
fault-free processors in P goo d D P n ewi which have broadcast the same S^'s in Line 3(b). So at Line 
3(h), all fault- free processors decide on the identical output v'(g) = Vj(g) for all Pj £ P goo d H P n ew 

□ 

Lemma 3 If a P new such that \P new \ > n — t can not be found in Line 3(g), then there must be 
two fault- free processors Pi, Pj £ P goo d such that Vi ^ Vj. 

Proof: It is easy to see that if all fault-free processors in P goo d are given the same input, then a 
Pnew SUch that |P^e^| Tl t can always be found in Line 3(g). Then the lemma follows. □ 

For the correctness of the way Diag^Graph is updated, please see [TJ and [2]. Now we can 
conclude the correctness of Algorithm [TJ as the following theorem: 

Theorem 1 Given n processors with at most t < n/3 are faulty, each given an input value of L bits, 
Algorithm^ achieves consensus correctly in L/D generations, with the diagnosis stage performed 
for at most t + t(t + 1) times. 
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Proof: According to Lemmas Q] and [21 the decided output v'(g) always equals to Vj for some 
Pj € Pgood n Pmatchi unless |-P n ew)| < re — i in Line 3(h). So consistency and validity properties are 
satisfied until |P n eiu| becomes < n — t. In the case |P ne iu| < n — t, according to Lemma El there 
must be two fault-free processors that are given different inputs. Then it is safe to decide on a 
default output and terminate. So the L-bit output satisfies the consistency and validity properties. 

Every time the diagnosis stage is performed, either at least one edge associated with a faulty 
processor is removed, or at least one processor is removed from P ma tch- So it takes at most t(t + 1) 
instances of the diagnosis stage before all faulty processors are identified. In addition, it will take 
at most t instances to remove fault-free processors from P ma tch until two fault-free processors are 
identified as having different inputs, and the algorithm terminates with a default output. □ 

1.2 Complexity 

According to Theorem (H we can compute the communication complexity of Algorithm [1] in a similar 
way as in pQ and [2]. With a appropriate choice of D, the complexity of Algorithm [T] can be made 
equal to 

n{ - n - l) L + 0{nW). (2) 
n — t 

So for sufficiently large L (0(n 6 )), the complexity is O (nL). 

2 More Efficient g-validity Consensus 

In [2], we also introduced an algorithm that solves consensus while satisfying the "g-validity" 
property, as stated below, for all i + 1 < q < n — t with communication complexity "^J l, 

q i 

• q- Validity: If at least q fault-free processors hold an identical input v, then the output v' agreed 
by the fault-free processors equals input Vj for some fault-free processor Pj. Furthermore, if 
q > Pirl , th en v' = v. 

When q = t + 1, its complexity becomes n(n — which is not linear in n any more. In fact, this 
algorithm achieves communication complexity 0{nL) only when q — t = Q(n). 

On the other hand, Algorithm Q] can achieve g-validity for q > f 1 ^] with communication 
complexity if we substitute every "re — t" with "g" in the algorithm. This formulation of 

complexity is independent of t, and remains to be 0(n) as long as q = Q(n). However, Algorithm 
[T]with the mentioned modification cannot achieve g-validity for any g < f 1 ^"]. 

In this section, we present an algorithm that achieves g-validity for all t + 1 < q < n — t while 
keeping the complexity O(reL), as long as q = O(re). This algorithm uses the "clique formation" 
technique from our previous algorithm in [2] to achieve g-validity when g is small, and uses the 
technique from Algorithm[T]presented in the previous section to improve communication complexity. 

The value Vi(g) is represented by a vector of q data symbols, each symbol represented with D/q 
bits. An (n, q) distance- (n — q + 1) Reed-Solomon code, denoted as C q , is used to encode the q data 
symbols into n coded symbols. The operations in each generation g are presented in Algorithm [2] 



4 



Algorithm 2 q- Validity Consensus, Matching and Checking stages (generation g) 

1. Matching Stage: 

In the following steps, for every processor Pj: Ri[k] «— Sj[k] whenever Pj receives Sj[k] from 
its trusted processor Pj. 

Every processor Pi performs steps 1(a) to 1(e) as follows: 

(a) Compute (£$[1], ... ,Si[n]) = C q (vi(g)), and send Si[i] to every trusted processor Pj. 

(b) If S t [j] = Ri[j] then Mi[j] <- true ; else M^j] <- false 

(c) Pi broadcasts the vector Mj using Broadcast_Single_Bit 

Using the received M vectors: 

(d) Find a set of processors P ma tch of size q such that 

Mj[fe] = Mfc[j] = true for every pair of Pj,Pk € P ma tch- 11 multiple possibility 
exist for Pmatch-, then any one of the possible sets is chosen arbitrarily as P ma tch (all 
fault-free nodes choose a deterministic algorithm to select identical P ma tch)- 

(e) If Pmatch does not exist, then decide on a default value and continue to the next gener- 
ation; 

else continue to the following steps. 

Note: At this point, if Pmatch does not exist, it is, in fact, safe to terminate the algorithm 
with a default output since it can be asserted that no q fault-free nodes have identical 
inputs. However, by continuing to the next generation instead of terminating, g-validity 
is satisfied for the inputs of each individual generation. 

When Pmatch of size q is found, each processor Pi G Pmatch performs step 1(g) as follows: 

(f) VP,- that trusts Pf. 

If i = min{Z|P; € P ma tch and Pj trusts Pi}, then Pi sends Si[k] to Pj for each k such 
that Pj does not trust P&. 

Each processor Pj £ Pmatch performs step 1(g) as follows: 

(g) Using the first q symbols it has received from the processors in Pmatch in steps 1(a) and 
1(f), Pj computes Sj[j] according to C q , then sends Sj[j] to all trusted processors. 

Note: For every processor Pj trusted by Pj, it has set Ri[j] to the Sj[j] received from 
Pj in step 1(a). It will be replaced with the new Sj[j] received in step 1(g). 

2. Checking Stage: 

Each processor Pj (in P ma tch or not) performs Checking Stage as follows: 

(a) If Ri € C q then Detectedi ^— false ; else Detectedi <r- true . 

(b) If Pj G Pmatch and Pj / Si then Detectedi <— true . 

(c) Broadcast Detectedi using Broadcast_Single_Bit . 

(d) Receive Detected j from each processor Pj (broadcast in step 2(c)). 

If Detectedj = false for all Pj, then decide on v'^g) = C~ 1 (Pj); else enter Diagnosis 
Stage 
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Algorithm 2 q- Validity Consensus, Diagnosis stage (generation g) 



3. Diagnosis Stage: 

Each processor Pj (in P ma tch or not) performs Diagnosis Stage as follows: 

(a) Broadcast Si and Ri using Broadcast-Single-Bit . 

(b) Sf «— Sj and Rf «— Rj received from Pj as a result of broadcast in step 3(a). 
Using the broadcast information, all processors perform the following steps identically: 

(c) For each edge (i,j) in Diag-Graph : Remove edge (i,j) if 3k, such that Pj receives Si[k] 
from Pi in Matching stage and R,f[k] ^ Sf[k\. 

(d) For each Pi G Pmatch'- 11 Sf £ C q , then Pi must be faulty. So remove % and the adjacent 
edges from Diag_Graph . 

(e) For each Pj ^ Pmatch'- If Sj \j\ is not consistent with the subset of q symbols of 

// ii 

Rj\Pmatch, from which Sj[j] is computed, Pj must be faulty. So remove j and the 
adjacent edges from Diag_Graph . 

(f) If at least t + 1 edges at any vertex i have been removed, then Pi must be faulty. So 
remove i and the adjacent edges. 

(g) Find a set of processors Pdetide ^ P such that S 1 * = 5* for every pair of Pj, G Pdecide- 
In case of a tie, pick any one. 

(h) If \Pdecide\ < Q, decide on the default output. 

Else, decide on v'^g) = C q 1 {S*) for any Pj G Pdecide- 



2.1 Proof of Correctness 

Lemma 4 // there are a set of at least q fault-free processors Q C P goo d such that for each Pi € Q, 
v i{9) = v{g) for some v{g), then a set P ma tch of size q necessarily exists. 

Proof: Since all the fault-free processors in Q have identical input v(g), Si = C q {v{g)) for all 
Pj G Q. Since these processors are fault-free and always trust each other, they send each other 
correct messages in the matching stage. Thus, Ri[j] = Sj[j] = Si[j] for all Pi,Pj G Q. This fact 
implies that Mi[j] = Mj[i] =true for all Pi,Pj G Q. Since there are \Q\ > q fault-free processors 
in Q, it follows that a set P m atch of size q must exist. □ 

Lemma 5 If Detected j =false for all Pj in Line 2(d), all fault-free processors Pi G P goo d decide 
on the identical output value v'(g) such that v'{g) = Vj{g) for all Pj G Pmatch H Pgood- 

Proof: Observe that size of set P ma tch l~l Pgood is at least q — t > 1, so there must be at least one 
fault-free processor in P ma tch- 

According to the algorithm, every fault-free processor Pj G P goo d has sent 5j[i] (computed from 
Vi(g) directly if Pj G Pmatch, or computed using the q symbols received from P ma tch i n Lines 1(a) and 
1(f) if Pj ^ Pmatch) to all the other fault-free processors. As a result, Ri\P goo d = Rj\Pgood is true for 
every pair of fault-free processors Pj, Pj G P goo d- Since \P goo d\ > n — t > q and C q has dimension q, it 
follows that either all fault- free processors P goo d decide on the same output, or at least one fault-free 
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processor Pj £ P goo <i sets Detectedi <(— true in Line 2(a). In the case Detected j=false for all P,-, all 
fault-free processors decide on an identical v'(g). Moreover, according to Line 2(b), every fault-free 
processor Pj £ Pgood^Pmatch finds Pj = 5j. It then follows that v'(g) = C~ l {Rj) = C~ t {Sj) = Vj(g) 
where Pj 6 P soorf n P ma tch- 

□ 

Then we can have the following theorem about the correctness of Algorithm [2j 

Theorem 2 Given n processors with at most t < n/3 are faulty, each given an input value of L 
bits, Algorithm^ achieves q-validity for each one of the L/D generations, with the diagnosis stage 
performed for at most t(t + 1) times. 

Proof: Similar to Theorem [TJ □ 
2.2 Complexity 

In Lines 1(a) and 1(f), every processor receives at most n — 1 symbols, so at most n(n — 1) symbols 
are communicated in these two steps. In Line 1(g), every processor Pj ^ P m atch sends at most n — 1 
symbols, and there are at most n — q processors not in Pmatch-, so at most (n — q){n — 1) symbols are 
communicated in this step. So in total, no more than (2n — q)(n — 1) symbols are communicated 
in the Matching stage. Then with an appropriate choice of D, the complexity of Algorithm [2] can 
be made to 

< {2n - q){n - l) L + Q(n^). (3) 

q 

So for any q = Q,(n) and t+l<q<n — t, with a sufficiently large L (f2(ra 6 )), the complexity is 
O(nL). 
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